Twitter used 2FA phone numbers for ad targeting

Andrew Cummings
October 9, 2019

When users and companies promote sponsored tweets on Twitter, they can filter an ad's audience based on a series of criteria.

That information is supposed to be used exclusively for account protection purposes, but Twitter said advertisers were able to tap the phone numbers to target commercials, through the company's "Tailored Audiences" and "Partner Audiences advertising system". What's especially not cool, however, is when the data you handed over, like a phone number, is given for security purposes.

Social networking site Twitter disclosed today that it used phone numbers users provided for two-factor authentication (2FA), along with email addresses, to show targeted ads. For example, if you'd given your phone number to a pharmacy chain for discounts, that chain could advertise to you on Twitter based on that same phone number. "This was an error", Twitter said.

"We can not say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware", Twitter said.

Whether or not Twitter meant to use phone numbers, the effect is the same, it was using sensitive account details for ad targeting without users' knowledge or permission.

The incident could invite trouble for Twitter in Washington, where regulators who investigated and penalized Facebook for a series of privacy scandals took issue with its handling of phone numbers.

Twitter on Tuesday apologised after "inadvertently" using phone numbers and email addresses for advertising even though the personal data was provided for account security.

Twitter explained when a user provided their number for the security feature, Tailored Audiences and Partner Audiences may have used that data inadvertently.

If you have any questions about your data and how Twitter used it, you can fill out a Data Protection Enquiry Form to get a response from Twitter.

Other reports by iNewsToday